"People
should not be afraid of their governments. Governments should be afraid of
their people," the fictional character V infamously remarked in the film V
is for Vendetta.

Anonymous, a group which borrows its visual guise from that graphic
novel-turned-film, has certainly been filling governments with frustration this
year. The hacktivist group played a
role in the unrest in the Middle East earlier this year, and
now has claimed yet another target -- the digital domain of the San Francisco
Bay Area Rapid Transit (BART) system.

BART, San Francisco, California's local
government-owned traditional "slow" rail system (top
speed: 80 mph), drew criticism in January 2009 when cell phone videos captured
transit cop Johannes Mehserle fatally shooting Oscar Grant III
execution-style in the back after the man appeared to be cooperating with an
arrest.

That criticism only intensified after BART blocked cell phone traffic on its
trains in an attempt to silence organizers of a protest at the station where
the murder occurred.

Agency spokesman Jim Allison defends the decision, stating, "We're going
to take steps to make sure our customers are safe. The interruption of cell
phone service was done Thursday to prevent what could have been a dangerous
situation. It's one of the tactics we have at our disposal. We may use it; we
may not. And I'm not sure we would necessarily let anyone know in advance
either way."

Those efforts drew the ire of Anonymous who on Sunday defaced
the transit service's myBARTway page as part of a major operation [press release] dubbed
"OpBART".

Members also leaked over 2,000 user names, emails, and passwords (and in some
cases addresses) to an Austrian domain name -- DJMash.at. Anonymous writes:

Thus below we are releasing the User Info Database of MyBart.gov,
to show that BART doesn't give a shit about it's customers and riders and to
show that the people will not allow you to kill us and censor us. This is but
the one of many actions to come. We apologize to any citizen that has his
information published, but you should go to BART and ask them why your
information wasn't secure with them. Also do not worry, probably the only
information that will be abused from this database is that of BART
employees.

Marsha-Ann Sebay, a Vallejo woman whose personal information was released, told the San
Francisco Chronicle, "To be honest with you, I'd like to kick their
ass. If you have a problem with someone, you resolve it with that person. You
don't punish other people because you don't agree with something. There's other
ways to protest. In my day, you bombarded them with letters."

That said, the fact that Anonymous was able to crack the
passwords so easy and display them in plaintext indicates they were either
stored in plaintext or, at best, stored as unsalted MD5 hashed values. In
that regard, customers should be mad at Anonymous for
endangering them, but also at BART for failing to practice proper security.

Mr. Allison (whose info was not leaked, interestingly) tried to reassure
customers stating, "We regret the inconvenience and stress that it's
created for customers. We're disappointed that they would do this meant to be a
service to our customers. We're doing everything we can to protect bart.gov,
which is used by nearly 2 million people a month as an important tool."

In an email to customers BART wrote:

Several hours ago, myBART account information was compromised in
connection with an illegal and unauthorized intrusion into our system. In
response to this intrusion, we will temporarily shut down the myBART.org
website, and have notified law enforcement authorities.

Although we are still investigating the details of this incident, we know that
an unauthorized person has obtained contact information from at least 2,400 of
our 55,000 members. In most cases, the information consists of names, email
addresses, and passwords. In some cases, the database also listed an address
and phone number. No financial information is stored in the myBART database.

Such statements sound like the commentary of an entity that didn't do its work
to properly protect its customers in the first place. Anonymous may
not have made any friends with its antics, but maybe if BART was less worried
about block peaceful protests and more worried about protecting customers'
private data properly, it wouldn't have suffered such a breach.

Anonymous, for better or worse, is soldiering along. It's launched
a new operation dubbed "Op Britain"
[Pastebin], which targets the English government for its plan of censorship in the wake of recent
class riots (ironically, Anonymous also has plans to attack Facebook, one of the targets of
England's censorship bid). Anonymous is also targeting [Pastebin] the Fullerton,
California city Police Department after the fatal July beating of a homeless man
by six city cops. So far the Fullerton PD page has not been defaced.

Comments

Threshold

Username

Password

remember me

This article is over a month old, voting and posting comments is disabled

"A politician stumbles over himself... Then they pick it out. They edit it. He runs the clip, and then he makes a funny face, and the whole audience has a Pavlovian response." -- Joe Scarborough on John Stewart over Jim Cramer